Klikki Oy

April 14, 2015
Adobe released patches for two critical Flash vulnerabilities reported by Klikki: a "double free" bug and unrestricted video/audio recording on the target system.

Read more » Video demo »

April 10, 2015
Using WP Super Cache? The plug-in doesn't deny browsing of the cache/meta/ directory, and directory browsing is allowed by default on most web servers. The files there, which contain e.g. session keys, are publicly readable. Admin sessions can be easily hijacked. The vendor doesn't consider this "strictly" a problem with the plug-in.
April 8, 2015
Safari cross-domain vulnerability found by Klikki affects close to 1 billion mobile and desktop devices (iOS, OS X, Windows). Patches available now. Read more » Vulnerability test »
March 19, 2015
A stored XSS vulnerability in Google Analytics by Yoast can lead to code execution by unauthenticated users, affecting millions of WordPress sites. Read more »
March 12, 2015
Five vulnerabilities, including a critical SQL injection, in the WPML (sitepress-multilingual-cms) WordPress plug-in. Patch available. Updated March 13. Read more »
January 31, 2015
Another 0-day to be released soon: WordPress 3.0 - 4.1.1 core stored XSS, vendor notified on November 7. Same impact as the previous one, but with a more restricted attack vector.
January 6, 2015
Klikki's pioneering typing test site TyperA goes viral after stories on Huffington Post, MTV, Cosmopolitan, etc.
December 1, 2014
WordPress proof of concept exploit published. Read more »
November 20, 2014
Critical WordPress security vulnerability discovered by Klikki Oy affects tens of millions of web sites:
Press release »  Technical advisory »  Vulnerability test »
Unpublished zero-days
Interested in our unpublished zero-days? Contact us!

Cyber security

Advisory archive

Customer references

  • Danske Bank
  • Balancion

Game development

Hockey.tk  Socceracy  TyperA